
Re: Media Hackers

On Sun, 29 Sep 2002, Samuele Giovanni Tonon wrote:

> On Sat, Sep 28, 2002 at 05:36:06PM +0100, Dale Amon wrote:
> > I'm curious if anyone has thought about ways of blocking
> > this sort of attack before it gets to the home user?
> > 	http://www.the-dailyrant.com/archives/000855.html#000855
> > 
> it depends on the attack: they say they want the 
> "Congress to allow them to be able to legally hack"

My understanding of this, just from some online study, is
that what they are contemplating doing at this time would
be along the lines of:

Custom client uses the normal API of the P2P sharing
services to find files that are being made available
from the individual's machine, in the ordinary way of
doing so. (So far that is not a hack or attack in any
sense I am aware of). Then they retrieve the shared file(s)
but at a very slow rate and from as many client machines as
the 'server' machine will allow. Thus tying up the 'server'
at its limit denying access for as long as they can keep
the connection alive. Still IMHO not a real 'attack', but
may in some cases be a form of denying legitimate 'use
and enjoyment' of the individual's computer. Not likely
to be a cause of 'damage', so much as it might tie up
lots of bandwidth through any particular ISP, when/if
they concentrate efforts on some range of IP addresses.

On some of the networks we oversee, we were doing some
really short DHCP leases to their DSL customers. Got only
one complaint, and it likely was a user whose P2P sharing
was hampered. But we decided for other reasons to lengthen
the default and allowed leases to 14400 and 7200 seconds
anyway. (We were using 3600 Max and 600 Default for the
trial period). Mostly we wanted to see if we could get
more efficient return of ip addresses to the DHCP pool.
And gather stats on how long customers were actually
leaving their systems/bridges (call them modems if you
want) on. Turns out to be about two hours per session.

I personally thought that we had somewhat fewer questions
and complaints about 'hacking attempts' from those customers
for the duration of the experiment. But it really is not
common enough to get complaints that there could be any
statistical validity, and other influences could easily
be the cause of perceived reduced complaints.

> so it seems not specific to p2p flaws but by using 
> any known flaws of the target system.
> How can you block them ? the same way you block 
> normal "hackers" .

Really, from what I have read, the way to block it
would seem to be to limit how many slow connections
the P2P software would permit.

> > I think it is especially important to those of us
> > who are not under US law, living in places where such
> > activity would not only *be* criminal, but would be treated
> > as such under law.

Not at all obvious that it would be criminal anywhere if
the so-called hack is as I saw described.

> it depends on the "agreement law" between your country and US,
> Anyway they should cooperate with the local country police, 
> because (fortunately) DMCA is not a "global law"; so they can
> be persecuted if they hack on to my pc that is outside US law; 
> if not, well, there would be so many laws about privacy, private rights,
> local laws that were broken, that I should start to think of living
> in a world with a "US dictatorship", and that "1984" is now true.

But is it a problem if someone just hogs the available connections
that your software is able to form? Doing nothing other than what
you set it up to provide, but much slower? 

> Anyway, Stay in touch with debian security updates and watch your logs :-)
> Regards
> Samuele 

Standard disclaimers apply. IANAL. Not anyone's opinion except my
own. No warranty. Do not eat anything bigger than your head.
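
The limit suggested in the message above (cap how many slow connections the sharing software will permit), sketched as an added example that is not part of the original post or of any P2P client's code. The class name, thresholds and connection ids are hypothetical, and the sample transfers in the test are constructed.

```python
from dataclasses import dataclass


@dataclass
class Transfer:
    started: float   # time the upload was admitted (seconds)
    sent: int = 0    # bytes the remote side has actually accepted


class UploadSlots:
    """Upload slot table that caps how many slots slow transfers may hold."""

    def __init__(self, max_slots=8, max_slow=2, min_rate=2048, grace=30.0):
        self.max_slots = max_slots  # total simultaneous uploads
        self.max_slow = max_slow    # slots that slow transfers may occupy
        self.min_rate = min_rate    # bytes/sec below which a transfer is slow
        self.grace = grace          # seconds before a transfer is judged
        self.active = {}

    def admit(self, conn_id, now):
        """Accept a new upload if a slot is free; return True if accepted."""
        if len(self.active) >= self.max_slots:
            return False
        self.active[conn_id] = Transfer(started=now)
        return True

    def record(self, conn_id, nbytes):
        """Account for bytes delivered on an active connection."""
        self.active[conn_id].sent += nbytes

    def is_slow(self, t, now):
        """A transfer is slow once past the grace period and under min_rate."""
        age = now - t.started
        return age > 0 and age >= self.grace and t.sent / age < self.min_rate

    def reap(self, now):
        """Drop the slowest transfers beyond max_slow; return dropped ids."""
        slow = sorted((t.sent / (now - t.started), cid)
                      for cid, t in self.active.items()
                      if self.is_slow(t, now))
        excess = max(len(slow) - self.max_slow, 0)
        dropped = [cid for _, cid in slow[:excess]]
        for cid in dropped:
            del self.active[cid]
        return dropped
```

Genuinely slow peers (dial-up users, for instance) still get up to `max_slow` slots; only the excess is dropped, slowest first.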
